ISO 9001:2015 – Tools and Suggestions to Begin the Move (Part 1)

By Michael Haycock, Sr. BRC Quality Consultant

There appears to be real hesitation about changing to the new standard – ISO 9001:2015. We understand the responsibility for maintaining your QMS takes a lot of time and effort. Then – those people who are distant from the actual work and practices decide that it is time for a change. The “gnomes” in Switzerland have been busy again. Actually, these are real people just like you and I (I think) who are identifying what are considered to be global “best practices” – and to have their approval – we have to carry out their expectations.

Our words of encouragement are:

While the words and structure are quite different, most of the requirements and expectations are close to what you’ve done in the past.

Make it practical. Give yourself as many (or few) options as are necessary. Document what you do or expect to do. What and how does it make sense?

Work with a “registrar” who will listen to you about what you do – instead of them telling you what else you need to do. Having worked as an auditor with a registrar for years, the first thing I knew was you were a “customer”. Secondly, while I knew the standard, I also knew it would be particularly presumptuous of me to assume to know your organization or what practices would be best for you – after 2-3 days in your organization. If your registrar is not providing value, and treating you like a customer – you need to consider alternatives.

Don’t curse the darkness – light a candle. (We’ll help with the candle.)

Here’s a start…

Use what you already have – wherever you can.

The standard is the premise for your QMS (Quality Management System) so use it. I have most frequently taken the “Standard” and blended it into a “Policy” Manual. First it clearly identifies what needs to be done – and ensures all requirements are covered. Second it provides a clear map to the actual detailed activities covered by your procedures, work instructions and any related documentation.

Now I hear voices (harmless) that a Quality Manual is no longer required. True – but what is required and what is useful may be different. While a “Policy” Manual is often a close reflection of the standard, the intent AGAIN is to provide direction. Especially with all the structural changes – how will that work for you? My suggestion is to keep much of the documentation you have in the form of procedures and work instructions “the same” or almost, and use the Quality Manual to point to how the requirements will be covered.

Example:

Requirements

Clause(s)

Reference to SOP

ISO 9001:2008

Management Responsibility

5.1 – 5.6

SOP – 5

ISO 9001:2015

Leadership

5.1 – 5.3

SOP – 5

Planning

6.1 – 6.3

Management Review

9.3

“SOP” stands for Standard Operating Procedure if you had one. My example is not an exact “one for one”, but the intent is to show we can keep much of what we’ve already done, and change and enhance whatever else is necessary. A procedure that would cover one requirement in the past could now be used to cover multiple sections – because of the structural change.

While words “procedures” and “records” are no longer specifically used, this is how most of us “humans” have identified documentation since 1987 – and will continue to do so.

There is a high level “Process Representation” of the structure of ISO 9001:2015 in the standard on Page viii. This could be a starting point for identifying processes. You may also keep much of what you already have done in process identification and add to what may not be clearly covered or needs to be enhanced.

This means the methods to identify processes – through process mapping, flow charts or your “historical” procedures – are your choice. While process mapping has been “pushed” (and I believe it is a good tool), there is no one right way. What is right is what works for you and what resources you have available to carry out these activities.

While the concept of “risk” is not new, the prominence of the word in the standard is.

Since you must identify your processes anyway, have a “process owner” identified (make this part of your Section 5 “Leadership” requirement). Once you have your processes laid out to the extent and detail necessary for your organization, use this as the starting point to identify and address risk. There are some complex tools and simple tools available to “articulate” what the risk may be and what controls may be necessary depending on the threshold the organization has established for itself. (I’m more of a “simple tool” person myself.)

While the significance of the risk is important, I believe what is most important is the actual identification of the risk in the first place. (A “risk” not identified will almost certainly be a risk not managed.) There are many ways these activities may be addressed – I always look for what is useful, practical and beneficial to the organization.

There is a need to understand how the new requirements relate to the old or current practices you have in place for ISO 9001:2008.

There is a bit of effort involved with this, but with a linkage between the old and the new this then allows you to know what you can keep, what can be modified, and finally what is new to be added. This is also the time to change what and where the organization feels there is value to be gained.

The quite radical change in structure and wording (not using procedures or records) has probably caused more concern than should be necessary. There are a number of activities that are clearly identified that would have been covered in the past, but most frequently unspoken or not specifically documented. We don’t want to overload, so we will try and provide an article with each review that will identify and hopefully “demystify” (I don’t get to say that much).

There is certainly much to do – we’ll work to help make it understandable.

… and our antelope and lion? We need to be running now more than ever – probably sooner and faster.

Lions and Antelopes

Mike’s articles often mention the antelope and the lion as a metaphor for the competitive business world. For those of you who are not familiar with the reference, here it is…

On the vast plains of Africa, the sleek, agile antelope beds down for the night, knowing that in the morning, to survive, it must run faster than the fastest lion or it will be eaten.

On the vast plains of Africa, the powerful and majestic lion beds down for the night, knowing that in the morning, to survive, it must run faster than the slowest antelope or it will starve.

To survive, you know one thing for certain. Whether you are the lion or the antelope, in the morning “you’d better be running!”